summaryrefslogtreecommitdiffstats
path: root/security/apparmor/label.c
Commit message (Collapse)AuthorAgeFilesLines
* locking/rwsem, security/apparmor: Replace homebrew use of write_can_lock() ↵Will Deacon2017-10-101-4/+4
| | | | | | | | | | | | | | | | | | with lockdep The lockdep subsystem provides a robust way to assert that a lock is held, so use that instead of write_can_lock, which can give incorrect results for qrwlocks. Signed-off-by: Will Deacon <will.deacon@arm.com> Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org> Acked-by: John Johansen <john.johansen@canonical.com> Cc: Linus Torvalds <torvalds@linux-foundation.org> Cc: Peter Zijlstra <peterz@infradead.org> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: paulmck@linux.vnet.ibm.com Link: http://lkml.kernel.org/r/1507055129-12300-1-git-send-email-will.deacon@arm.com Signed-off-by: Ingo Molnar <mingo@kernel.org>
* apparmor: fix incorrect type assignment when freeing proxiesJohn Johansen2017-09-221-1/+1
| | | | | | | | | | | | | | | sparse reports poisoning the proxy->label before freeing the struct is resulting in a sparse build warning. ../security/apparmor/label.c:52:30: warning: incorrect type in assignment (different address spaces) ../security/apparmor/label.c:52:30: expected struct aa_label [noderef] <asn:4>*label ../security/apparmor/label.c:52:30: got struct aa_label *<noident> fix with RCU_INIT_POINTER as this is one of those cases where rcu_assign_pointer() is not needed. Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: add support for absolute root view based labelsJohn Johansen2017-09-221-1/+9
| | | | | | | | | | With apparmor policy virtualization based on policy namespace View's we don't generally want/need absolute root based views, however there are cases like debugging and some secid based conversions where using a root based view is important. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
* apparmor: cleanup conditional check for label in label_printJohn Johansen2017-09-221-14/+8
| | | | | Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Seth Arnold <seth.arnold@canonical.com>
* apparmor: Redundant condition: prev_ns. in [label.c:1498]John Johansen2017-09-221-1/+1
| | | | | Reported-by: David Binderman <dcb314@hotmail.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
* apparmor: add the base fns() for domain labelsJohn Johansen2017-06-101-0/+2120
Begin moving apparmor to using broader domain labels, that will allow run time computation of domain type splitting via "stacking" of profiles into a domain label vec. Signed-off-by: John Johansen <john.johansen@canonical.com>
generated by cgit v1.2.3 (git 2.25.1) at 2024-08-10 12:46:35 +0000